[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Tue Mar 13 22:49:02 UTC 2018


The branch, master has been updated
       via  20609aa s4: dsdb/password_hash: use UF_TRUST_ACCOUNT_MASK
       via  8497d20 libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK
      from  c41895b CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 20609aa260f0a84dff4574df4a1564884a813f92
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Mar 8 17:35:15 2018 +0100

    s4: dsdb/password_hash: use UF_TRUST_ACCOUNT_MASK
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue Mar 13 23:48:28 CET 2018 on sn-devel-144

commit 8497d2090900b252853278f29a4aaf3bce7515da
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Mar 8 17:34:08 2018 +0100

    libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK
    
    The name UF_TRUST_ACCOUNT_MASK better reflects the use case and it's not
    yet used.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libds/common/flags.h                           | 2 +-
 source4/dsdb/samdb/ldb_modules/password_hash.c | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libds/common/flags.h b/libds/common/flags.h
index d431bd5..d436f2b 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -53,7 +53,7 @@
 #define UF_PARTIAL_SECRETS_ACCOUNT		0x04000000
 #define UF_USE_AES_KEYS                         0x08000000
 
-#define UF_MACHINE_ACCOUNT_MASK (\
+#define UF_TRUST_ACCOUNT_MASK (\
 		UF_INTERDOMAIN_TRUST_ACCOUNT |\
 		UF_WORKSTATION_TRUST_ACCOUNT |\
 		UF_SERVER_TRUST_ACCOUNT \
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 1c1de09..c872f20 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -3211,9 +3211,7 @@ static int setup_io(struct ph_context *ac,
 
 	/* Only non-trust accounts have restrictions (possibly this test is the
 	 * wrong way around, but we like to be restrictive if possible */
-	io->u.restrictions = !(io->u.userAccountControl
-		& (UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT
-			| UF_SERVER_TRUST_ACCOUNT));
+	io->u.restrictions = !(io->u.userAccountControl & UF_TRUST_ACCOUNT_MASK);
 
 	if (io->u.is_krbtgt) {
 		io->u.restrictions = 0;


-- 
Samba Shared Repository



More information about the samba-cvs mailing list